Access Manager Logging473novdocx (en) 19 February 20104Access Manager Logging Section 4.1, “Understanding the Types of Logging,” on page 73 Section 4.2, “Downloading the Log Files,” on page 74 Section 4.3, “Using the Log Files for Troubleshooting,” on page 794.1 Understanding the Types of LoggingAccess Manager supports three types of logging: Section 4.1.1, “Component Logging for Troubleshooting Configuration or Network Problems,”on page 73 Section 4.1.2, “HTTP Transaction Logging for Proxy Services,” on page 744.1.1 Component Logging for Troubleshooting Configurationor Network ProblemsEach Access Manager component maintains log files that contain entries documenting the operationof the component. Component file logging records the processing and interactions between theAccess Manager components that occur while satisfying user and administrative requests and duringgeneral system processing. By enabling the correct levels of logging for the various Access Managercomponents, an administrator can monitor how the Access Manager processes user andadministrative requests. Transaction flows have been defined to help the administrator identify theprocessing steps that occur during the execution of specific types of user or administrative requests.All component file logs include tags and values that allow the administrator to identify and correlatewhich component file log entries pertain to a given transaction and user.Component file logs are not primarily intended for debugging the software itself, although they canbe used to detect software that is not behaving properly. Rather, the intent of component file loggingis to document the operational processing of the Access Manager components so that systemadministrators and support personnel can identify and isolate problems caused by configurationerrors, invalid user data, or network problems such as broken connection. However, component filelogging is typically the first step in identifying software bugs.Component file logging is more verbose than audit logging. It increases processing load, and on aday-to-day basis, it should be enabled only to log error conditions and system warnings. If a specificproblem occurs, component file logging can be set to info or config to gather the information neededto isolate and repair the detected problem. When the problem is resolved, component file loggingshould be reconfigured to log only error conditions and system warnings.Log files can be configured to include entries for the following events: Initialization and shutdown Configuration Events processed by the component, such as authentication, role assignment, resource access,and policy evaluation Error conditions